Over the weekend I saw that a large number of Facebook users were searching my blog for information about a Facebook scam that disguises itself as a status update saying the user will “never text again”. A couple of times in the last few months we’ve seen that this is a successful method for encouraging hundreds of thousands of unsuspecting Facebook users to click on a link.

Well, from the scammers’ point of view, if it ain’t broke why fix it? Sure enough, they’re using the ploy again to dupe Facebook addicts.

OMG! Im never going to send another text message again after seeing this! <LINK>

At the time of writing, these messages appear to have slowed on Facebook. But that may be because they have been superseded by yet another new incarnation of the campaign, which uses different wording and spelling:

OMG! Im not txtin again now that I have seen this! <LINK>

However, the link that these latest messages point to, which takes the user via the tiny.cc short URL redirection service, remains the same.

Clicking on the link takes you to a Facebook page, which encourages you to click onward, and permit a rogue application to have access to your profile.

But do you really want to give the rogue application permission to peruse your Facebook profile and the ability to email you directly? Just imagine how cybercriminals could take advantage of you giving them free rein to email you their spam messages or malicious links directly.

But many Facebook users probably aren’t thinking about this, and after blindly handing control over to a third-party Facebook application, they will end up seeing a news story from the Sydney Morning Herald.

Of course, it’s perfectly possible to read this news story (first published in the Sydney Morning Herald in September 2008) without giving permission to a rogue Facebook application.

(As a side note, it would be fascinating to hear from the SMH what kind of spike in web traffic they have seen coming to this old news article in the last few days).

The scammers, meanwhile, are keen to steal access to even more Facebook profiles. And behind the scenes they have already updated your own Facebook status to advertise the same message to all of your Facebook friends.

OMG! Im not txtin again now that I have seen this! <LINK>

And so the message spreads virally across the network, fuelled by users who click without thinking, and give access to third-party applications without reading the small print.

If you fell foul of this or similar attacks, make sure that you check your application settings on Facebook, and remove the offending application’s access to your profile.

Here’s a quick YouTube video where I show you how to clean-up your Facebook account from such an attack:

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter: <a href="https://twitter.com/gcluley">@gcluley</a>.